JP2008181224A - Information asset management server, method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To disclose information assets to the outside while maintaining security. <P>SOLUTION: An information asset management server 40 connected to a user terminal 10 via a network 100 includes a control part 41 for performing predetermined information processing, and a storage part 43 having a storage area 43a for storing information assets to be stored, a storage area 43b for disclosure for storing information assets to be disclosed, and a meta information storage area 43c for storing meta information. The control part 41 stores in the storage area 43a asset information to be stored received from the user terminal 10, and a security label that defines terms to be observed in disclosing asset information to the outside; meta information is created based on the security label and stored in the meta information storage area 43c; based on the meta information, information assets for disclosure are created by processing the asset information to be stored, and stored in the storage area 43b for disclosure. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information asset management server, method, and program for managing information assets using meta information representing a security level.

  Conventionally, when the server provides information assets such as data and contents for external user terminals, "Handling Precautions," etc., according to the standards established by each organization according to the sensitivity of information assets and the disclosure destination Data processing such as adding a security display, adding a watermark such as “copy not possible”, adding a “copyright” display indicating copyright, and so on. In particular, most of the data stored in a company is document data in a unique format created by software called an office suite, which includes a method for defining mutual relationships and common syntactical data. Since there are very few features, automatic analysis and management are difficult, and in many cases, management / operation of document data in an organization relies on human hands.

  Moreover, when preparing the same information asset for disclosure and non-disclosure, a plurality of files corresponding to the type of disclosure destination were prepared and operated manually.

  In addition, content data such as image data, audio data, and moving image data has been processed from the viewpoint of copyright protection, for example, by lowering the analysis level and releasing it to the outside. Regarding the storage format of content data, there have been cases where work such as conversion to a storage format that is difficult for others to provide is necessary.

JP 2006-172161 A

  If these data processing and storage format changes are not executed correctly, there has been a problem that information assets are leaked to the outside against the intention of the organization.

  By the way, when a server provides information assets such as data and contents for an external user terminal, a technology for limiting users and usage periods using meta information added to the information assets is disclosed. However (see Patent Document 1), it has not been possible to disclose information in accordance with restrictions on specific data formats.

  The main problem of the present invention is to disclose the information assets to the outside while maintaining the safety of the information assets.

  In a first aspect of the present invention, an information asset management server is connected to a user terminal via a network and manages information assets, and includes a control unit that performs predetermined information processing, and a storage information asset. A storage area for storage, a storage area for storage for storing information assets for disclosure, and a storage section having a meta information storage area for storing meta information, wherein the control section stores the information from the user terminal. Processing for storing asset information and a security label defining a rule to be protected when publishing asset information to the outside in the storage area for storage, processing for generating meta information based on the security label, Processing for storing meta information in the meta information storage area, processing for generating public information assets obtained by processing the storage asset information based on the meta information, and the public information A process for storing the use information assets to the public storage area, characterized by a run.

  In the information asset management server of the present invention, the control unit generates a public information asset in which the storage format of the storage asset information is changed based on the meta information in the process of generating the public information asset. It is preferable to execute the processing.

  In the information asset management server of the present invention, the control unit generates a public information asset in which a resolution of an image of the storage asset information is reduced based on the meta information in the process of generating the public information asset It is preferable to execute the processing.

  In the information asset management server of the present invention, in the process of generating the public information asset, the control unit includes public information in which watermark characters are put in a document of the storage asset information based on the meta information. It is preferable to execute processing for generating an asset.

  According to a second aspect of the present invention, there is provided an information asset management method for managing information assets using a server connected to a user terminal via a network, wherein the storage asset from the user terminal is managed by the server. Storing information in a storage area for storage and a security label that defines a rule to be observed when asset information is disclosed to the outside, and generating meta information based on the security label in the server; Storing the meta information in the meta information storage area at the server, and generating a public information asset by processing the storage asset information based on the meta information at the server; Storing the public information asset in the public storage area in the server.

  According to a third aspect of the present invention, there is provided an information asset management program for executing management of information assets using a server connected to a user terminal via a network, wherein the server stores the information asset from the user terminal. Storing the asset information and the security label that defines the rules to be observed when the asset information is disclosed to the outside in the storage area for storage, and generating the meta information based on the security label in the server Processing, processing for storing the meta information in the meta information storage area in the server, and processing for generating public information assets obtained by processing the storage asset information based on the meta information in the server And a process of storing the public information asset in the public storage area in the server.

  According to the present invention, a public storage area for providing information assets to the outside is provided in the information asset management server. When an information asset is moved or copied to that area, the data asset is stored in accordance with the meta information of the information asset. By processing, it can be disclosed to the outside while maintaining the safety of information assets. In addition, since the user performs appropriate processing using the meta information (security label) added to the information asset, the information asset in the state that has been appropriately processed for external access. It can be realized without trouble.

(Embodiment 1)
An information asset management server according to Embodiment 1 of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram schematically showing the configuration of a system including an information asset management server according to the first embodiment of the present invention.

  The information asset management server 40 is a computer server that manages information assets, and operates under program control. The information asset management server 40 is connected to the user terminal 10, the user terminal 20, and the authentication server 30 via a network 100 such as the Internet. The information asset management server 40 includes a control unit 41, a communication unit 42, and a storage unit 43. The control unit 41 performs predetermined information processing based on the program. The communication unit 42 transmits / receives predetermined information to / from the user terminal 10, the user terminal 20, and the authentication server 30. The storage unit 43 stores data, programs, meta information, and the like. The storage unit 43 includes a storage area for storage 43a, a storage area for disclosure 43b, and a meta information storage area 43c. The storage area 43a for storage is a storage area for storing information assets (for example, documents, image data, audio data, moving image data, etc.) that are the basis of the user terminal 10. The publishing storage area 43b contains meta information (information for managing rules to be kept when publishing to the outside (storage format, analysis degree of image data, information on characters to be burned into a document, etc.); This is an area for storing public information assets processed based on the conditions defined in the meta information for maintaining the property. The meta information storage area 43c is an area for storing meta information generated based on the security label corresponding to the information asset in the storage area for storage 43a.

  The user terminals 10 and 20 are information processing terminals such as a mobile phone, a PDA, a stereo player, and a personal computer used by the user, and perform predetermined information processing based on a program. The user terminal 10 is a terminal on the information asset providing side. The user terminal 10 accesses the information asset management server 40 by the user's operation, uploads the information asset file, and maintains safety for each individual information asset file and the folder unit managing them. Meta information, for example, a function for setting restrictions when publishing to the outside. The user terminal 20 is a terminal on the information asset reference side.

  The authentication server 30 is a certificate authority server that issues an authentication device such as an IC card and a USB device, generates a key pair, and issues a certificate.

  Next, the operation of the system including the information asset management server according to the first embodiment of the present invention will be described with reference to the drawings. 2 to 4 are flowcharts schematically showing the operation of the system including the information asset management server according to the first embodiment of the present invention.

(User authentication; see Figure 2)
First, a user who registers an information asset file uses the user terminal 10 to access the information asset management server 40 to log in, and in response to an authentication information input request from the information asset management server 40, the user authentication is performed. Information (for example, an electronic certificate held in the authentication device) is transmitted to the information asset management server 40 (step A1).

  Next, the information asset management server 40 transmits the authentication information from the user terminal 10 to the authentication server 30 (step A2).

  Next, the authentication server 30 performs authentication by comparing the authentication information registered in advance with the authentication information from the information asset management server 40, and a data area assigned to the user when the authentication is matched. Access permission information permitting access to the information asset management server 40 (step A3). If the authentication is not performed due to the mismatch, the authentication server 30 does not transmit the access permission information to the information asset management server 40.

  Next, the information asset management server 40 permits access to the data area allocated to the user based on the access permission information from the authentication server 30, and notifies the user terminal 10 to that effect (step A4).

(Data registration; see Figure 2)
When access is permitted in steps A1 to A4, the user who registers the information asset file transmits the information asset to be stored to the information asset management server 40 using the user terminal 10 (step B1).

  Next, the information asset management server 40 stores the information asset from the user terminal 10 in the storage area for storage 43a (step B2).

  Next, the user uses the user terminal 10 to set and set a security label (for example, a restriction item when publishing to the outside) for maintaining appropriate safety for the stored information asset. The security label thus transmitted is transmitted to the information asset management server 40 (step B3).

  Next, the information asset management server 40 adds the security label from the user terminal 10 to the corresponding information asset in the storage area for storage 43a and stores it, and generates meta information based on the security label. The meta information is stored in the meta information storage area 43c in association with the stored corresponding information asset (step B4).

  Here, the meta information is expressed in a machine readable tag language such as XML. For example, FIG. 5 shows an example described in N-Triples syntax rules expressing RDF data. In the example of FIG. 5, the document “sample.doc” (actually a full-path URI) has a security label “public folder A” (secLabel: public folder A), and the location “www” of the public folder A .abc.com / aa / bb / cc "(secLabel: location) represents that it must be converted to a pdf storage format (secLabel: docType). Here, “secLabel” indicates a vocabulary of unique security-related meta information. The example of FIG. 6 expresses the meta information corresponding to FIG. 5 in the XML format.

  Next, when publishing the stored information assets to the outside, the user or application uses the user terminal 10 to copy the information assets stored in the storage area 43a to the disclosure storage area 43b. In this manner, the information asset management server 40 is requested (step B5). FIG. 2 shows a copy request from the user terminal 10.

  Next, in response to a copy request, the information asset management server 40 reads meta information corresponding to the information asset to be disclosed in the data copy program control process, and stores the conditions (saves) defined in the read meta information. The corresponding information asset is processed based on the format, the analysis degree of the image data, the character information to be burned into the document, and the processed information asset is stored in the public storage area 43b (step B6). Here, processing means changing the storage format (for example, ppt / doc → pdf), reducing the resolution of the image, and inserting watermark characters (for example, “secret matter”) in the document. It means to change it and make it new.

(Refer to public asset information; see Figure 3)
The user who refers to the asset information accesses the information asset management server 40 to log in using the user terminal 20, and after performing an appropriate approval process as shown in steps A1 to A4, the information asset management server 40 The information asset stored in the public storage area 43b is requested (step C1).

  Next, in response to a request from the user terminal 20, the information asset management server 40 reads the corresponding information asset from the public storage area 43b, and transmits the read information asset to the user terminal 20 (step C2).

  Next, the user terminal 20 displays the information assets from the information asset management server 40 (step C3). Thereby, the user can use the information asset.

(Updating asset information; see Figure 4)
When updating the information asset and meta information, the user who has registered the information asset and meta information uses the user terminal 10 to access the information asset management server 40 to log in, as shown in steps A1 to A4. Through an appropriate approval process, the asset information stored in the storage area 43a of the information asset management server 40 is requested to the information asset management server 40 (step D1).

  Next, in response to a request from the user terminal 10, the information asset management server 40 reads the corresponding information asset from the storage area for storage 43a, and transmits the read information asset to the user terminal 10 (step D2).

  Next, the user terminal 10 displays the information asset from the information asset management server 40, edits and changes the information asset by user operation, and transmits the edited and changed new information asset to the information asset management server 40. (Step D3).

  Next, the information asset management server 40 updates the old information asset stored in the storage area 43a for storage to a new information asset from the user terminal 10 (step D4).

  Next, when setting a new security label for the updated new information asset, the user uses the user terminal 10 to set a new security label, and the set new security label is set to the information asset management server. 40 (step D5).

  Next, the information asset management server 40 updates a new security label from the user terminal 10, generates new meta information based on the new security label from the user terminal 10, and stores it in the meta information storage area 43c. The old meta information that has been set is updated to the generated new meta information (step D6).

  Next, when the user or application publishes the stored new information asset to the outside, the user terminal 10 uses the user terminal 10 to display the new information asset stored in the storage area for storage 43a. The information asset management server 40 is requested to copy to 43b (step D7).

  Next, in response to a request from the user terminal 10, the information asset management server 40 reads new meta information corresponding to the new information asset to be disclosed in the data copy program control process, and reads the read new meta information. Based on the conditions defined in the information, the corresponding new information asset is processed, and the information asset stored in the public storage area 43b is updated to the new information asset (step D8). Thereby, data can be updated.

  Note that steps D5 and D6 are omitted when only information assets are updated. Further, when only the meta information is updated, steps D1 to D4 are omitted.

(Deleting asset information; see Figure 3)
When deleting the information asset and meta information, the user who registered the information asset and meta information uses the user terminal 10 to access the information asset management server 40 to log in, as shown in steps A1 to A4. Through an appropriate approval process, the information asset management server 40 deletes the asset information stored in the storage area 43a for storage of the information asset management server 40 or the meta information stored in the meta information storage area 43c. Request (step E1). In FIG. 3, the deletion of the information asset for storage is requested.

  Next, in response to the deletion request from the user terminal 10, the information asset management server 40 acquires the information asset stored in the storage area 43a for storage or the meta information stored in the meta information storage area 43c. Delete (step E2).

  Next, the information asset management server 40 deletes the asset information stored in the public storage area 43b corresponding to the deleted asset information or meta information (step E3). When only the information assets stored in the storage area 43a for storage are deleted, the information asset management server 40 also deletes the meta information stored in the meta information storage area 43c in step E3.

  According to the first embodiment, since the user performs appropriate processing using the meta information (security label) added to the information asset, the user is appropriately processed for external access. It is possible to realize the provision of information assets on the Internet without trouble. This is effective not only for security effects but also for information disclosure that meets the restrictions of specific data formats. Further, by adding meta information specifying a plurality of information assets for disclosure, it becomes possible to manage a plurality of information assets according to the disclosure destination.

  Further, by utilizing the system of the first embodiment as an in-house system, information assets can be securely disclosed to the outside such as employees, group companies, and customers. In addition, when providing data to an external business that prints documents on paper or prints photo data (DPS service), it is possible to provide information assets in the data format required by each business partner. .

  Note that the present invention is not premised on operation on the Web typified by the World Wide Web, and includes operation on an intranet or the like. In the first embodiment, the meta information storage area is provided on the information asset management server 40. However, the meta information is stored as a document attribute even in a remote host machine having the information asset. Is also possible. Similarly, with respect to a method for identifying metadata serving as a trigger for file processing, in the first embodiment, information on a storage folder is shown as an example. Regarding the content / position of the meta information serving as a trigger, in addition to the information of the storage destination folder, meta information indicating the file name, the data type of the information asset, and the like can be considered. Also, it is possible to use a part of certain meta information, for example, Prefix / Suffix, and the contents of these meta information, the position, whether the whole or part of the meta information is not limited in the present invention.

It is the block diagram which showed typically the structure of the system containing the information asset management server which concerns on Embodiment 1 of this invention. It is the flowchart which showed typically operation | movement (user authentication, data registration) of the system containing the information asset management server which concerns on Embodiment 1 of this invention. It is the flowchart which showed typically operation | movement (reference of public asset information, deletion of asset information, etc.) of the system containing the information asset management server which concerns on Embodiment 1 of this invention. It is the flowchart which showed typically operation | movement (update of asset information etc.) of the system containing the information asset management server which concerns on Embodiment 1 of this invention. This is an example described in N-Triples syntax rules expressing RDF data. The meta information corresponding to FIG. 5 is expressed in XML format.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 User terminal 20 User terminal 30 Authentication server 40 Information asset management server 41 Control part 42 Communication part 43 Storage part 43a Storage area 43b Storage area 43c Meta information storage area 100 Network

Claims (6)

An information asset management server that is connected to a user terminal via a network and manages information assets,
A control unit for performing predetermined information processing;
A storage unit for storing storage information assets, a storage unit for storing public information assets, and a storage unit having a meta information storage region for storing meta information;
With
The controller is
Storing the storage asset information from the user terminal and the security label that defines the rules to be observed when the asset information is disclosed to the outside in the storage area for storage;
Processing for generating meta information based on the security label;
Storing the meta information in the meta information storage area;
A process for generating a public information asset obtained by processing the storage asset information based on the meta information;
Storing the public information asset in the public storage area;
An information asset management server characterized by executing   The said control part performs the process which produces | generates the information asset for a public which changed the preservation | save format of the said asset information for a preservation | save based on the said meta information in the process which produces | generates the said information asset for a public. Item 1. The information asset management server according to item 1.   In the process of generating the public information asset, the control unit executes a process of generating a public information asset having a reduced resolution of the image of the storage asset information based on the meta information. The information asset management server according to claim 1.   In the process of generating the public information asset, the control unit executes a process of generating a public information asset in which watermark characters are included in a document of the storage asset information based on the meta information. The information asset management server according to claim 1, wherein An information asset management method for managing information assets using a server connected to a user terminal via a network,
In the server, storing the asset information for storage from the user terminal and the security label defining the rules to be protected when the asset information is disclosed to the outside in a storage area for storage;
In the server, generating meta information based on the security label;
Storing the meta information in the meta information storage area in the server;
In the server, generating a public information asset obtained by processing the storage asset information based on the meta information;
Storing the public information asset in the public storage area in the server;
An information asset management method comprising: An information asset management program for executing management of information assets using a server connected to a user terminal via a network,
In the server, storing the storage asset information from the user terminal, and storing the security label that defines the rules to be protected when the asset information is disclosed to the outside in the storage area for storage,
In the server, processing for generating meta information based on the security label;
In the server, the process of storing the meta information in the meta information storage area;
In the server, a process of generating a public information asset obtained by processing the storage asset information based on the meta information;
The server stores the public information asset in the public storage area;
An information asset management program characterized in that

Images